EmergingThreats> Main Web>2006435 (revision 1)EditAttach

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN LibSSH? Based SSH Connection - Often used as a BruteForce? Tool"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; classtype:misc-activity; sid:2006435; rev:3;)

Added 2007-07-31 00:16:11 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN LibSSH? Based SSH Bruteforce Attempt"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; classtype:misc-activity; sid:2006435; rev:2;)

Added 2007-07-27 12:46:42 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN LibSSH? Based SSH Bruteforce Attempt"; flags:PA; flow:established; pcre:"/SSH-(1|2)\.0-\.*libssh\.*/"; classtype:misc-activity; sid:2006435; rev:1;)

Added 2007-07-27 03:46:09 UTC


Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-07-31 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats